Understand attackers

Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any person or group who presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the security industry.

Threat actor types

Advanced persistent threats

Advanced persistent threats (APTs) have significant expertise accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:

Damaging critical infrastructure, such as the power grid and natural resources
Gaining access to intellectual property, such as trade secrets or patents

Insider threats

Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:

Sabotage
Corruption
Espionage
Unauthorized data access or leaks

Hacktivists

Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:

Demonstrations
Propaganda
Social change campaigns
Fame

Hacker types

A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:

Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.

Note: There are multiple hacker types that fall into one or more of these three categories.

New and unskilled threat actors have various goals, including:

To learn and enhance their hacking skills
To seek revenge
To exploit security weaknesses by using existing malware, programming scripts, and other tactics

Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.

There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.

Key takeaways

Threat actors and hackers are technically skilled individuals. Understanding their motivations and intentions will help you be better prepared to protect your organization and the people it serves from malicious attacks carried out by some of these individuals and groups.

Resources for more information

To learn more about how security teams work to keep organizations and people safe, explore the Hacking Google series of videos.

Terms and definitions from Course 1

Google Cybersecurity Certificate glossary

Glossary terms from week 1

Glossary terms from week 2

Glossary terms from week 3

Welcome to the Google Cybersecurity Certificate

Google Cybersecurity Certificate overview

Course 1 overview

Welcome to week 1

Helpful resources and tips

Introduction to cybersecurity

Toni: My path to cybersecurity

Responsibilities of an entry-level cybersecurity analyst

Nikki: A day in the life of a security engineer

Common cybersecurity terminology

Core skills for cybersecurity professionals

Veronica: My path to working in cybersecurity

Transferable and technical cybersecurity skills

The importance of cybersecurity

Wrap-up

welcome to week 2

Past cybersecurity attacks

Attacks in the digital age

Common attacks and their effectiveness

Sean: Keep your cool during a data breach

Introduction to security frameworks and controls

Introduction to the eight CISSP security domains, Part 1

Introduction to the eight CISSP security domains, Part 2

Determine the type of attack

Understand attackers

Wrap-up

Secure design

Introduction to security frameworks and controls

Controls, frameworks, and compliance

Heather: Protect sensitive data and information

Ethics in Cybersecurity

Ethical concepts that guide cybersecurity decisions

Holly: The importance of ethics as a cybersecurity professional

Wrap-up

Welcome to week 4

Common cybersecurity tools

Tools for protecting business operations

Introduction to Linux, SQL, and Python

Use tools to protect business operations

Glossary terms from week 4

Understand attackers

Threat actor types

Advanced persistent threats

Insider threats

Hacktivists

Hacker types

Key takeaways

Resources for more information

No Comments